--- title: "Activate two-step authentication" slug: "activate-two-step-authentication" updated: 2026-04-24T15:56:04Z published: 2026-04-24T15:56:04Z canonical: "help.quickbase.com/activate-two-step-authentication" --- > ## Documentation Index > Fetch the complete documentation index at: https://help.quickbase.com/llms.txt > Use this file to discover all available pages before exploring further. # Activate two-step authentication When two-step authentication is activated, a user signing in to Quickbase must provide two means of identification from separate categories of credentials: username/password combination and a security code provided via email. Realm admins can activate two-step authentication from the Policies page in the admin console. If you are a realm admin but do not have access to the Policies page, you can activate two-step authentication from the Account Summary page. Pipelines and user tokens are not dependent on two-factor authentication, so you do not need to re-configure if you implement this feature in your production environment. ## Activate two-step authentication from the Policies page 1. From the My Apps page, select **Quickbase Admin** > **Manage the realm**. 2. Select **Policies** to navigate to the Policies page. 3. In the **Sign-in policies** section, select the **Require 2-step authentication** box. 4. Enter how many days to allow devices to be remembered. 5. Select **Save**. > [!NOTE] > Note: When you activate two-step authentication, users already signed in will not be prompted to enter a code until the next time they are asked to sign in. ## Activate two-step authentication from the Account Summary page 1. From the My Apps page, select **Manage my account** in the **Account Admin** section. - You may also access the admin console by selecting **Hi, (your name)** > **Manage billing account**. 2. From the Account Summary page, select **More** > **Edit Account Properties**. 3. Select the **Require 2-step Authentication** checkbox. **Note**: If you do not have access to the Policies page, it means that you are not on a plan that will not allow you to set how long devices will be remembered. Instead, when users sign in they will see the option for their device to be remembered for 30 days. When you activate two-step authentication, users already signed in will not be prompted to enter a code until the next time they are asked to sign in. ## Authenticate connections and integrations when two-step authentication is activated ### Quickbase connected tables When two-step authentication is activated, authenticate Quickbase[To add a connected table:](/v1/docs/add-a-connected-table) with a user token. They will not be able to authenticate with a username and password. [Benefits of user tokens](/v1/docs/create-and-use-user-tokens) in the app you want to connect to, and use that token when you [To connect to another Quickbase app:](/v1/docs/connect-to-another-quickbase-app) ### API integrations API integrations must also [authenticate using user tokens and not standard Quickbase API_Authenticate](/v1/docs/api-authenticate) if two-step authentication is activated. Integrations using API_Authenticate will fail.